
Google Redirection problem; tutorial didn't work [Closed]


  • This topic is locked

#31
ron26

  • Topic Starter
  • Member
  • 169 posts
1. No, I unfortunately do not have the XP installation disk.

2. Here is the log. The only checked box was next to "internet services," as that was automatically checked. Please let me know if I need to run a scan with other boxes checked.

Farbar Service Scanner Version: 10-12-2012
Ran by Ron (the merciful) (administrator) on 19-12-2012 at 12:27:37
Microsoft Windows XP Service Pack 3 (X86)

************************************************
======== Search: "wscsvc.dll" =========

====== End Of Search ======
  • 0


#32
ron26

  • Topic Starter
  • Member
  • 169 posts
Hi godawgs,

I'm trying to copy files from an external hard drive to my computer, not the ill one.

When I try to copy a file folder, which contains Word documents, PDFs, and digital files (of documents) I get an error message once the files begin to transfer.

Cannot copy
Data error
cyclic redundancy check

I've looked into this on this forum and some suggestions are
a) try a dual power cable
b) try connecting it directly to the computer
c) try to run a program on the HD

The first two don't seem to apply to me as this malfunctioning with the HD occurred right around when my desktop became infected. I'm guessing they're related.

After we fix the computer should/could we try to work on that?
Or, should I start a new thread?

The good news is that all the files are saved elsewhere and backed up. The bad news is that I've renamed & sorted them to folders for use, which might be lost if the HD is just totally buggered. If I can get these four file folders off of it and saved elsewhere I'm going to reformat/erase/redo the entire HD.

Please advise.
  • 0

#33
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
Hi Ron,

A cyclic redundancy check, known as a CRC error, often occurs when you're attempting to transfer data to a hard drive. It's most commonly caused by an interruption in the recording process, but also can be a sign that you've got problems with your hard drive or optical drive. Unless you have a detailed knowledge of the algorithms used to describe CRC errors, it's usually fixed through a process of eliminating several potential errors with your hardware.

This came from one of our other Techs. This is not my bailiwick but there are a couple of things we can check. If that doesn't work I will see if I can get another tech to look at it. Just remind me when we are done with this system.

Seems that there isn't a wscsvc.dll file on the computer. I need to make sure that the wscsvc.dll file from an XP Home system will work. If it will I will send you a copy of the file from my XP system. If it doesn't, I need to find a copy from an XP Pro system to send you. I'll be back. :)
  • 0

#34
ron26

  • Topic Starter
  • Member
  • 169 posts
1) CRC error - Sure, I'll wait on that. One problem at a time!

2) Okay. Sounds good. I'll check back in & wait to see what you are able to find. Thanks for looking!
  • 0

#35
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
Hi Ron,

Let's see what we can do about the Security Center service.


Step-1.

1. Please download the attached wscsvc.zip folder and save it to the desktop.
2. Please download the LEGACY_WSCSVC.reg file from this link and save it to the desktop.


Step-2

Back Up the LEGACY_WSCSVC registry key.

  • Click Start, then click Run. The Run window will open.
  • In the Open box type regedit and click OK. The registry editor window will open.
  • Click the + beside HKEY_LOCAL_MACHINE
  • Click the + beside SYSTEM
  • Click the + beside CurrentControlSet
  • Click the + beside Enum
  • Click the + beside Root
  • Find the LEGACY_WSCSVC key and click it once to highlight it.
  • At the top of the Registry Editor window click File, then click Export. The Export Registry File window will open.
  • In the left hand column, click Desktop. This will put the Desktop in the Save in: box.
  • In the File name: box, type LegacyWSCSVCbak
  • In the Save as type: box make sure it says Registration files *.reg
  • Click the Save button. This will put a backup of the LEGACY_WSCSVC on the desktop.

Step-3.

Show Hidden Files and Folders
  • Click Start. Then click Computer.
  • On the next window, at the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
    • Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that Hide protected system operating files (recommended) is un-checked.
    • Also make sure the Hide extensions for known file types box is un-checked.

Step-4.

  • Close all windows and browsers.
  • Right click the wscsvc.zip folder and click Extract all and extract the wscsvc.dll file to the desktop.
  • Right click the wscsvc.dll file and click Copy
  • Open Windows Explorer and navigate to the C:\Windows\System32 folder and click it to highlight it. The list of files in the folder will populate the right pane.
  • Right click inside the right pane where all of the files are listed and click Paste. This will put a copy of the wscsvc.dll file in the C:\Windows\System32 folder.
  • Close Windows Explorer
  • Back on the desktop right click the LEGACY_WSCSVC.reg file and click Merge
  • OK any prompts you might get. This will rebuild the missing LEGACY_WSCSVC registry key.

Step-5.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2009/08/16 08:50:04 | 000,653,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
MOD - [2012/12/16 11:59:59 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\_elementtree.pyd
MOD - [2012/12/16 11:59:59 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\_socket.pyd
MOD - [2012/12/16 11:59:58 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\pysqlite2._sqlite.pyd
MOD - [2012/12/16 11:59:58 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32api.pyd
MOD - [2012/12/16 11:59:58 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32ts.pyd
MOD - [2012/12/16 11:59:57 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._gdi_.pyd
MOD - [2012/12/16 11:59:57 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32com.shell.shell.pyd
MOD - [2012/12/16 11:59:57 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._html2.pyd
MOD - [2012/12/16 11:59:57 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32crypt.pyd
MOD - [2012/12/16 11:59:56 | 001,024,024 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\windows._cacheinvalidation.pyd
MOD - [2012/12/16 11:59:55 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\pythoncom26.dll
MOD - [2012/12/16 11:59:55 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\_ctypes.pyd
MOD - [2012/12/16 11:59:55 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32profile.pyd
MOD - [2012/12/16 11:59:54 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._misc_.pyd
MOD - [2012/12/16 11:59:53 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32security.pyd
MOD - [2012/12/16 11:59:53 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\PyWinTypes26.dll
MOD - [2012/12/16 11:59:52 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\_ssl.pyd
MOD - [2012/12/16 11:59:51 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._core_.pyd
MOD - [2012/12/16 11:59:51 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32process.pyd
MOD - [2012/12/16 11:59:51 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32pdh.pyd
MOD - [2012/12/16 11:59:49 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._windows_.pyd
MOD - [2012/12/16 11:59:49 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\_hashlib.pyd
MOD - [2012/12/16 11:59:48 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._wizard.pyd
MOD - [2012/12/16 11:59:48 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32file.pyd
MOD - [2012/12/16 11:59:48 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32inet.pyd
MOD - [2012/12/16 11:59:35 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\wx._controls_.pyd
MOD - [2012/12/16 11:59:33 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\unicodedata.pyd
MOD - [2012/12/16 11:59:33 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\pyexpat.pyd
MOD - [2012/12/16 11:59:33 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\win32event.pyd
MOD - [2012/12/16 11:59:33 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI1922\select.pyd
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2012/12/16 12:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron (the merciful)\Application Data\BitTorrent

:FILES
net stop wscsvc /c
net start wscsvc /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the [image] textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the [image] button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the [image] button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the [image] button. Post the log it produces in your next reply.


Step-6

Re-Run Farbar Service Scanner

Right click the file and click Run as Administrator.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
3. The FSS.txt log
  • 0
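The PRC, MOD and SRV lines in the OTL script above all follow one line format. As an added example (not part of the original post and not OTL's own code), here is a small Python parser for that format that flags the entries a helper reviews first: modules with no company name loaded from a Temp directory, and auto-start services whose file is missing. The sample lines are constructed in the page's format, and the `_MEI<digits>` check assumes PyInstaller's one-file extraction directory naming.

```python
import re
from collections import defaultdict

# Dated entry:
#   KIND - [date | size | attrs | M] (Company) [state] -- path -- (service)
# "[state]" and "-- (service)" appear only on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\))?$"
)
# Entry whose backing file is gone (the path itself may be empty):
#   KIND - File not found [state] -- path -- (service)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] "
    r"-- (?P<path>.*?) ?-- \((?P<service>[^)]*)\)$"
)
TEMP_RE = re.compile(r"\\(?:local settings\\temp|windows\\temp)\\", re.IGNORECASE)
# Assumption: "_MEI<digits>" is the directory a PyInstaller one-file
# executable unpacks its bundled modules into at start-up.
MEI_RE = re.compile(r"\\(_MEI\d+)\\")


def parse_line(line):
    """Return a dict for one PRC/MOD/SRV/DRV line, or None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["company"] = entry["company"].strip()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["missing"] = False
        return entry
    m = MISSING_RE.match(line)
    if m:
        entry = m.groupdict()
        entry.update(company="", size=None, date=None, attrs=None, missing=True)
        return entry
    return None


def triage(lines):
    """Return [(path, [reasons])] for entries that deserve a closer look."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            # A service set to start at boot with no file behind it is either
            # damage (as with wscsvc in this thread) or a leftover.
            if entry["kind"] == "SRV" and entry["state"].startswith("Auto"):
                reasons.append("auto-start service, file not found")
        else:
            if not entry["company"] and TEMP_RE.search(entry["path"]):
                reasons.append("no company name, loaded from Temp")
            if MEI_RE.search(entry["path"]):
                reasons.append("PyInstaller extraction dir")
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


def group_by_extraction_dir(lines):
    """Map each _MEI directory to the module file names loaded from it."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and not entry["missing"]:
            m = MEI_RE.search(entry["path"])
            if m:
                groups[m.group(1)].append(entry["path"].rsplit("\\", 1)[-1])
    return dict(groups)


# Constructed sample in the page's log format (user name is a placeholder).
SAMPLE_LOG = r"""
PRC - [2012/12/12 16:03:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User (example)\Desktop\OTL.exe
MOD - [2012/12/20 19:30:46 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\User (example)\Local Settings\temp\_MEI31362\_socket.pyd
MOD - [2012/12/20 19:30:36 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\User (example)\Local Settings\temp\_MEI31362\_ssl.pyd
MOD - [2010/09/27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
    print(group_by_extraction_dir(SAMPLE_LOG))
```

In the thread, the module set listed in the fix script under `_MEI1922` shows up again in the later scan under `_MEI31362`; grouping by extraction directory makes that kind of reappearance easy to spot when comparing two logs.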

#36
ron26

  • Topic Starter
  • Member
  • 169 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named bittorrent.exe was found!
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Documents and Settings\Ron (the merciful)\Application Data\BitTorrent folder moved successfully.
========== FILES ==========
< net stop wscsvc /c >
C:\Documents and Settings\Ron (the merciful)\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ron (the merciful)\Desktop\cmd.txt deleted successfully.
< net start wscsvc /c >
C:\Documents and Settings\Ron (the merciful)\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ron (the merciful)\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4857 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 19124 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ron (the merciful)
->Temp folder emptied: 269255610 bytes
->Temporary Internet Files folder emptied: 2256175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7772180 bytes
->Google Chrome cache emptied: 65316662 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 630330 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2761986472 bytes

Total Files Cleaned = 2,963.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202012_191812

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP000000015E5F496935B349FB not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#37
ron26

  • Topic Starter
  • Member
  • 169 posts
OTL logfile created on: 12/20/2012 7:44:19 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ron (the merciful)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 121.14 Mb Available Physical Memory | 23.75% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.65 Gb Total Space | 49.77 Gb Free Space | 70.45% Space Free | Partition Type: NTFS

Computer Name: RUSSO-DESKTOP | User Name: Ron (the merciful) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/12 23:53:32 | 011,179,720 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/12/12 16:03:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron (the merciful)\Desktop\OTL.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/11/08 16:58:24 | 016,070,136 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/09/21 15:12:00 | 000,331,776 | ---- | M] (LunarFrog.com) -- C:\Documents and Settings\Ron (the merciful)\Desktop\TaggedFrog_1.1\TaggedFrog.exe
PRC - [2012/09/12 17:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/26 23:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Ron (the merciful)\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/09/27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/04/17 18:01:32 | 000,929,792 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/15 02:07:44 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/20 19:30:46 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32api.pyd
MOD - [2012/12/20 19:30:46 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\_elementtree.pyd
MOD - [2012/12/20 19:30:46 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\_socket.pyd
MOD - [2012/12/20 19:30:45 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\pysqlite2._sqlite.pyd
MOD - [2012/12/20 19:30:45 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32ts.pyd
MOD - [2012/12/20 19:30:44 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._gdi_.pyd
MOD - [2012/12/20 19:30:44 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32com.shell.shell.pyd
MOD - [2012/12/20 19:30:44 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._html2.pyd
MOD - [2012/12/20 19:30:44 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32crypt.pyd
MOD - [2012/12/20 19:30:42 | 001,024,024 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\windows._cacheinvalidation.pyd
MOD - [2012/12/20 19:30:41 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32profile.pyd
MOD - [2012/12/20 19:30:40 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\pythoncom26.dll
MOD - [2012/12/20 19:30:40 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\_ctypes.pyd
MOD - [2012/12/20 19:30:39 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._misc_.pyd
MOD - [2012/12/20 19:30:38 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32security.pyd
MOD - [2012/12/20 19:30:38 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\PyWinTypes26.dll
MOD - [2012/12/20 19:30:36 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\_ssl.pyd
MOD - [2012/12/20 19:30:34 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._core_.pyd
MOD - [2012/12/20 19:30:34 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32process.pyd
MOD - [2012/12/20 19:30:34 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32pdh.pyd
MOD - [2012/12/20 19:30:32 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\_hashlib.pyd
MOD - [2012/12/20 19:30:31 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._windows_.pyd
MOD - [2012/12/20 19:30:30 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._wizard.pyd
MOD - [2012/12/20 19:30:30 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32file.pyd
MOD - [2012/12/20 19:30:29 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32inet.pyd
MOD - [2012/12/20 19:30:08 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\wx._controls_.pyd
MOD - [2012/12/20 19:30:06 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\unicodedata.pyd
MOD - [2012/12/20 19:30:06 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\pyexpat.pyd
MOD - [2012/12/20 19:30:06 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\win32event.pyd
MOD - [2012/12/20 19:30:06 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Local Settings\temp\_MEI31362\select.pyd
MOD - [2010/09/27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/08/01 08:19:33 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\a4c5647e14a60542bdc6db025820565e\System.Configuration.ni.dll
MOD - [2009/08/01 08:16:09 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\1ae45140aef4a04f97a89e9de9a5a150\System.Xml.ni.dll
MOD - [2009/08/01 08:15:57 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ebb37c7195048f4db5fd159fe8a40b8e\System.Windows.Forms.ni.dll
MOD - [2009/08/01 08:15:31 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e46253c941b1614fa7fb1936725a5029\System.Drawing.ni.dll
MOD - [2009/08/01 08:15:26 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\a1dc0e83bea70640a5173b104b3dd6c8\System.ni.dll
MOD - [2009/08/01 08:15:05 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\54365b3e4a73e1489c0e41df3600e683\mscorlib.ni.dll
MOD - [2009/04/03 15:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2007/07/12 10:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012/12/12 11:35:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 15:14:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/30 23:42:12 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/09/27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/09/09 21:46:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6223213-14B0-4798-BD1C-37A6D84709C0}\MpKsle01d262f.sys -- (MpKsle01d262f)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/11/30 23:42:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/09/27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/04/17 09:44:46 | 000,574,080 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dailytao.org/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/10 15:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/10 15:13:48 | 000,000,000 | ---D | M]

[2012/09/21 15:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ron (the merciful)\Application Data\Mozilla\Extensions
[2012/10/23 14:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ron (the merciful)\Application Data\Mozilla\Firefox\Profiles\qdu253mj.default\extensions
[2012/12/10 15:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/10 15:14:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/23 09:37:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/15 17:41:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [TaggedFrog] C:\Documents and Settings\Ron (the merciful)\Desktop\TaggedFrog_1.1\TaggedFrog.exe (LunarFrog.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Ron (the merciful)\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ron (the merciful)\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1348506400799 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D114F58-451D-4319-BDEE-2E9108F2C8A0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/01 22:43:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 19:16:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ron (the merciful)\Desktop\OTL.exe
[2012/12/19 17:23:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron (the merciful)\Recent
[2012/12/17 16:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/16 11:46:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/16 11:45:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/16 11:43:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ron (the merciful)\Desktop\aswMBR.exe
[2012/12/16 11:39:03 | 005,010,912 | R--- | C] (Swearware) -- C:\Documents and Settings\Ron (the merciful)\Desktop\ComboFix.exe
[2012/12/15 17:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/12/15 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/12/15 17:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/12/15 17:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/12/15 17:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/12/15 17:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2012/12/15 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2012/12/15 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2012/12/15 17:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/12/15 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/12/15 17:41:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/12/15 17:11:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/15 17:08:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ron (the merciful)\My Documents\My Videos
[2012/12/15 17:08:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ron (the merciful)\Start Menu\Programs\Administrative Tools
[2012/12/15 14:30:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/12/15 14:30:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/12/15 14:30:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/12/15 14:30:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/12/15 14:30:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/15 13:28:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/12/13 10:35:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Ron (the merciful)\My Documents\Google Drive
[2012/12/13 10:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2012/12/13 10:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/12/13 09:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron (the merciful)\Local Settings\Application Data\Google
[2012/12/12 13:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron (the merciful)\Desktop\GooredFix Backups
[2012/12/12 12:59:08 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/12/12 12:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/12/12 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/12/12 12:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/12/12 11:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron (the merciful)\My Documents\Dissertation Files
[2012/12/10 17:02:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ron (the merciful)\IECompatCache
[2012/12/10 15:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/28 11:26:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ron (the merciful)\PrivacIE

========== Files - Modified Within 30 Days ==========

[2012/12/20 19:37:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/20 19:36:25 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/20 19:33:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/20 19:30:08 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/12/20 19:29:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/20 19:26:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 19:26:02 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 19:09:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-484061587-1606980848-500UA.job
[2012/12/20 19:09:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 19:01:42 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\LegacyWSCSVCbak.reg
[2012/12/20 18:54:14 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\LEGACY_WSCSVC.reg
[2012/12/20 16:09:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-484061587-1606980848-500Core.job
[2012/12/20 10:43:45 | 001,001,895 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\1968 files.csv
[2012/12/20 09:46:19 | 000,398,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/20 09:46:18 | 000,061,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/19 09:55:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/17 16:55:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/16 11:42:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ron (the merciful)\Desktop\aswMBR.exe
[2012/12/15 17:41:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/15 17:12:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/15 14:16:52 | 005,010,912 | R--- | M] (Swearware) -- C:\Documents and Settings\Ron (the merciful)\Desktop\ComboFix.exe
[2012/12/14 14:07:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/14 12:51:01 | 001,164,119 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\ElfPDFStreamPublic.pdf
[2012/12/14 12:14:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2012/12/13 10:35:55 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\Google Drive.lnk
[2012/12/13 10:08:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\Google Chrome.lnk
[2012/12/13 10:08:20 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 16:03:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron (the merciful)\Desktop\OTL.exe
[2012/12/12 14:06:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ron (the merciful)\Desktop\TDSSKiller.exe
[2012/12/12 12:31:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\NTREGOPT.lnk
[2012/12/12 12:31:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\ERUNT.lnk
[2012/12/07 09:12:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/06 16:12:39 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\Magic Briefcase.lnk

========== Files Created - No Company Name ==========

[2012/12/20 19:01:42 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\LegacyWSCSVCbak.reg
[2012/12/20 18:54:13 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\LEGACY_WSCSVC.reg
[2012/12/20 10:43:45 | 001,001,895 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\1968 files.csv
[2012/12/17 17:04:57 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/17 17:04:57 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/17 16:55:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/17 16:54:49 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/15 17:12:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/12/15 17:12:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/12/15 14:30:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/12/15 14:30:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/12/15 14:30:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/12/15 14:30:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/12/15 14:30:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/14 12:50:53 | 001,164,119 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\ElfPDFStreamPublic.pdf
[2012/12/13 10:35:54 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\Google Drive.lnk
[2012/12/13 10:08:20 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\Google Chrome.lnk
[2012/12/13 10:08:20 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 12:31:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\NTREGOPT.lnk
[2012/12/12 12:31:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Desktop\ERUNT.lnk
[2012/12/07 09:12:15 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Start Menu\Programs\Windows Media Player.lnk
[2012/12/07 09:12:08 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Ron (the merciful)\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/24 12:46:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/24 11:39:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/16 14:19:03 | 000,068,964 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/03/16 14:19:03 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat

========== ZeroAccess Check ==========

[2009/08/01 08:14:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/26 18:41:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/26 18:41:31 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 22:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/11 09:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/09/21 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LunarFrog
[2009/08/06 01:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/08/06 01:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/06/12 09:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/07/02 15:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/12/20 19:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron (the merciful)\Application Data\Dropbox

========== Purity Check ==========



< End of report >

#38
ron26

    Member

  • Topic Starter
  • 169 posts
Farbar Service Scanner Version: 10-12-2012
Ran by Administrator (administrator) on 20-12-2012 at 20:26:04
Running from "C:\Documents and Settings\Ron (the merciful)\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#39
ron26

    Member

  • Topic Starter
  • 169 posts
There are the three logs.

I hope I did these steps properly. Some things were a bit off and confused me. For example, the LEGACY_WSCSVC part - when I looked that up it was WXCSVC, with an "x" in the place of the "s". I thought maybe something had been updated or something beyond me. Hope I didn't screw it up but I did try and follow the instructions closely.

I'm leaving for the night, will be back again tomorrow. Hope to hear back from you.

Should I leave the computer plugged into the internet? It's not really necessary but I can. Also, tomorrow is Friday, come Saturday I'll be out of town & away from this desktop for a few days. Hopefully we can fix it tomorrow, or even early Saturday.

Thank you for all your time & assistance thus far!

#40
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Some things were a bit off and confused me. For example, the LEGACY_WSCSVC part - when I looked that up it was WXCSVC, with an "x" in the place of the "s". I thought maybe something had been updated or something beyond me.

That's my fault. Brain cells must be dying.

Should I leave the computer plugged into the internet?

Your call. Either way is fine. The rootkit and malware have been killed.

Hopefully we can fix it tomorrow, or even early Saturday.

Let's shoot for that. Everything is done except fixing the Security Center registry key, sweeping for any residual malware files and clean up. I will be online fairly regularly tomorrow and Sat. For some reason the LEGACY_WSCSVC registry file didn't fully rebuild the registry key. Not sure why.

Thank you for all your time & assistance thus far!

You're welcome.

Let's see what the key shows.


Posted Image OTL Custom Scan

I have changed the settings so read the instructions carefully.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC]
/md5start
wscsvc.dll
/md5stop


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box greyed out None button at the top of the console.
  • Do Not click the boxes beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Do Not click any other boxes.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Please post the new OTL.txt log

#41
ron26

    Member

  • Topic Starter
  • 169 posts
OTL logfile created on: 12/21/2012 11:05:55 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ron (the merciful)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 182.81 Mb Available Physical Memory | 35.85% Memory free
1.22 Gb Paging File | 0.58 Gb Available in Paging File | 47.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.65 Gb Total Space | 49.69 Gb Free Space | 70.33% Space Free | Partition Type: NTFS

Computer Name: RUSSO-DESKTOP | User Name: Ron (the merciful) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC] >

< MD5 for: WSCSVC.DLL >
[2012/12/20 18:53:01 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\Documents and Settings\Ron (the merciful)\Desktop\wscsvc.dll
[2012/12/20 18:53:01 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< End of report >

#42
ron26

    Member

  • Topic Starter
  • 169 posts
Hi godawgs,

I'm about to leave & likely won't be back around the ill computer tomorrow (Saturday) and then I'll be out of town until 12/27 or 12/28.

I can check back in but won't be able to run fixes on that computer as it's a desktop. I posted the log. Not sure how you want to handle me being away, as I know threads are closed after 4 days, I think?

Maybe I can PM you when I'm back and we can finish off this work?

Thanks for all of your help thus far. I think we're finally getting close! (I hope!)

#43
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ron,

I'm about to leave & likely won't be back around the ill computer tomorrow (Saturday) and then I'll be out of town until 12/27 or 12/28.

I can check back in but won't be able to run fixes on that computer as it's a desktop. I posted the log. Not sure how you want to handle me being away, as I know threads are closed after 4 days, I think?

No problem. I'll keep the thread open till then.

The wscsvc.dll file got put in the proper place, but it looks like the entire [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC] wasn't created.

Did you download the LEGACY_WSCSVC.reg file in post #35 and save it to the desktop?

#44
ron26

    Member

  • Topic Starter
  • 169 posts
Hi godawgs,

I'm back & will now be around without any interruptions.

Yes, the LEGACY_WSCSVC.reg file is/was saved to my desktop. Could I have accidentally run it from the downloads folder and not the desktop & that caused the problem?

Please advise with the next step(s).

Thank you!

#45
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's try it again.

Step-1.

Close all open windows and any open Browsers.

  • Right click on the LEGACY_WSCSVC.reg file on the desktop and click Merge on the context menu that opens up.
  • Click OK on any prompts you may get.
  • Reboot the computer to make the changes effective.
After you have rebooted the computer:

Step-2.

Posted Image OTL Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC


Please re-open OTL
  • Double click the Posted Image icon on your desktop.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the greyed out None button <--- Very Important
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log